Solved

Preventing user from connecting other than through VPN

Posted on 2006-11-21
Last Modified: 2008-02-01
I have a Virtual Machine (VM) with a VPN connection. I double-click the icon on the desktop to connect. After that I go out under the VPN's IP. When I am not connected I go out under my IP (Verizon DSL).

What I want is to prevent the ability to go out to the Internet from this VM except under the VPN. That is, if someone forgets to "dial in" and tries to open IE or another application, he gets an error.

"other application" = "any program accessing the Internet". ICQ, FTP client, whatever.
Question by:SergiyK
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17990811
One option: Statically assigning the remote VPN site's local DNS server as the only DNS server, in the TCP/IP DNS properties of the connecting VM, will restrict access, unless they try to do so by IP. If you do so, your VPN will have to connect by IP or have a manual entry in the Hosts file for the domain name to which it is connecting, since it will not be able to resolve DNS names until the VPN is connected.
0
 

Author Comment

by:SergiyK
ID: 17995424
I do not know what the remote site's DNS server is. How do I find out?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17995498
That is a good question :-)  Usually you would have some involvement in the management of the remote site and know that. Can you contact someone at that site and ask them to run   ipconfig  /all   at a command line? This will return its DNS configuration. If not, let us know what type of VPN connection you have or client you are using and you may be able to retrieve it. You may already have it on the local machine. You could run ipconfig  /all on the local machine while the VPN is connected, and check next to DNS for an IP starting with 192.168.x.x, 10.x.x.x or 172.16-31.x.x. Then make sure it is not part of your local network.
You could also try, while connected to the VPN, using    nslookup  RemoteDomainName.abc  if you know the domain name.
0
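The `ipconfig /all` check described in the comment above, as an added example that is not part of the original thread: it parses the output, collects every DNS server, and keeps those in the three private ranges that fall outside the local adapters' subnets. The sample output, the adapter name `CorpVPN` and all addresses are constructed, and the parser assumes the Windows XP-era IPv4 field labels shown in this thread.

```python
import ipaddress
import re

# Constructed sample of Windows XP-style `ipconfig /all` output (not from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter CorpVPN:

        IP Address. . . . . . . . . . . . : 10.20.0.77
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        DNS Servers . . . . . . . . . . . : 10.20.0.5
                                            10.20.0.6
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; IPv4-era layout only."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line: section header
            head = line.strip()
            current = adapters.setdefault(head[:-1], {}) if head.endswith(":") else None
            last = None
        elif current is not None:
            m = FIELD.match(line)
            if m:                            # "Label . . . : value"
                last = m.group(1).strip()
                current.setdefault(last, [])
                if m.group(2).strip():
                    current[last].append(m.group(2).strip())
            elif last:                       # bare value: continues the previous field
                current[last].append(line.strip())
    return adapters

def remote_dns_candidates(text, vpn_prefix="PPP adapter"):
    """DNS servers in private ranges that lie outside every non-VPN adapter's subnet."""
    adapters = parse_ipconfig(text)
    local = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
             for name, f in adapters.items() if not name.startswith(vpn_prefix)
             for ip, mask in zip(f.get("IP Address", []), f.get("Subnet Mask", []))]
    dns = [ipaddress.ip_address(d) for f in adapters.values() for d in f.get("DNS Servers", [])]
    return [str(a) for a in dns
            if any(a in n for n in RFC1918) and not any(a in n for n in local)]
```

An empty result with the VPN connected means the tunnel handed out no DNS server distinguishable from the local network, which is the case where the remote address has to be obtained from the remote site instead.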
 

Author Comment

by:SergiyK
ID: 17995645
I am using a regular VPN :) I set it up like this:


New Connection ->
Connect ... at workplace -->
V.P.N. ->
Company name = *** -->
Do not dial initial connection -->
IP = **.**.***.***

Then I hit connect, enter user name and password and I am there.

Ipconfig did not really work...

C:\Documents and Settings>ipconfig
Windows IP Configuration
An internal error occurred: Incorrect function.
Please contact Microsoft Product Support Services for further help.
Additional information: Unknown media status code.
0

 

Author Comment

by:SergiyK
ID: 17996066
Ok, Ipconfig worked now:


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : *****.******.com
        IP Address. . . . . . . . . . . . : 192.168.*.**
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.*.*

PPP adapter Bagalya:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.*.***
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.*.***
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17999352
You need to use:   ipconfig /all    to get the DNS servers. But it may not help. The one you want should be displayed under the PPP adapter's configuration.

Do you have a domain at your end, or might *****.******.com be the domain name at the remote end? If so, try entering the following when the VPN is connected:
nslookup   *****.******.com
and it should return the IP of the remote DNS server.
0
 

Author Comment

by:SergiyK
ID: 18015802
C:\Documents and Settings>nslookup myhome.westell.com
Server:  dslrouter
Address:  192.168.1.1

Name:    myhome.westell.com
---

This is my router's IP address...

By the way, can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18019348
>>"can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?"
Not familiar with your modem/router, but as a rule on simple units like the Westells, you can control what IPs are allowed outgoing connections, but not where they go. Where the VPN is a virtual connection I doubt you can block it in that way.

>>"Server:  dslrouter"
As mentioned, that is the router. You need the corporate DNS server's IP.
Do you know the name of any computers or servers at the corporate site, even if by checking drive mappings? If so, using nslookup as suggested earlier should return the computer's IP but also the IP of the DNS server that resolved the name. This of course has to be done while the VPN is connected.
nslookup  RemoteDomainName.abc  
0
